US Senators Want Yahoo! To Answer Questions Regarding Data Breach

Sen. Ron Wyden, D-Ore., joined Sen. Patrick Leahy, D-Vt., and other sponsors of a comprehensive data security and breach notification bill, which requires companies to take reasonable steps to secure their customers’ sensitive data and notify customers in the event of a hack, in calling on the leader of Yahoo! to disclose how a massive hack at the company went unnoticed for two years.

In a letter to Yahoo! CEO Marissa Mayer, Wyden, Leahy and leading Democratic Senators asked the company to provide a timeline of the hack, which compromised at least 500 million accounts, and to say when law enforcement and users were notified. The lawmakers are also seeking information about how widespread the hack is, and what Yahoo! is doing to prevent such a hack in the future.

“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers. This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles,” the letter states.

The letter continues: “We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week. That means millions of Americans’ data may have been compromised for two years. This is unacceptable. This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest. Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”

Wyden co-sponsored the Consumer Privacy Protection Act authored by Leahy last year to establish a comprehensive approach to data security by requiring companies to take preventative steps to defend against cyber attacks and prevent data breaches, and to quickly notify customers in the event a data breach occurs.

The measure addresses the kinds of security breaches that have affected retail stores in recent years, as well as breaches of personal email, online accounts, and cloud computing that have sent Americans’ personal information, photos and even location out into public view.

We write following your company’s troubling announcement that account information for more than 500 million Yahoo users was stolen by hackers, compromising users’ personal information across the Yahoo platform and on its sister sites, including Yahoo Mail, Flickr, Yahoo Finance, and Yahoo Fantasy Sports. The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers. This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles.

We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week. That means millions of Americans’ data may have been compromised for two years. This is unacceptable. This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest. Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.

In light of these troubling revelations, please answer the following questions to help Congress and the public better understand what went wrong and how Yahoo intends to safeguard data and protect its users, both now and in the future. We also request that Yahoo provide a briefing to our staff on the company’s investigation into the breach, its interaction with appropriate law enforcement and national security authorities, and how it intends to protect affected users.

When and how did Yahoo first learn that its users’ information may have been compromised? Please provide a timeline detailing the nature of the breach, when and how it was discovered, when Yahoo notified law enforcement or other government authorities about the breach, and when Yahoo notified its customers.

Press reports indicate the breach first occurred in 2014, but was not discovered until August of this year. If this is accurate, how could such a large intrusion of Yahoo’s systems have gone undetected?

What Yahoo accounts, services, or sister sites have been affected?

How many total users are affected? How were these users notified?

What protection is Yahoo providing the 500 million Yahoo customers whose identities and personal information are now compromised?

What steps can consumers take to best protect the information that may have been compromised in the Yahoo breach?

What is Yahoo doing to prevent another breach in the future? Has Yahoo changed its security protocols, and in what manner?

Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?

Thank you for your prompt attention to this critical matter.

Sincerely,

___________________________

PATRICK LEAHY

United States Senator

___________________________

AL FRANKEN

United States Senator

___________________________

ELIZABETH WARREN

United States Senator

___________________________

RICHARD BLUMENTHAL

United States Senator

___________________________

RON WYDEN

United States Senator

___________________________

EDWARD J. MARKEY

United States Senator
